I've set up a wifi guest network on an E2500 router running TomatoUSB, that I only want to have internet access provided for.
Did this by creating a separate bridge (br1), then putting it in its own VLAN, created a virtual wifi interface, then set some firewall rules to isolate that network from the primary wifi network.
However, this router isn't directly connected to a modem on the WAN, it connects to another router on my local LAN (192.168.0.1) first. I've gotten ambitious and want to isolate out the local LAN the other router is part of as well by keeping guests from seeing any of the devices there (except the router and the DNS server), but it's not working and I can't figure out why...
Here are the details:
br0 (full access wifi, 192.168.22.0)
br1 (guest access wifi, 192.168.23.0)
eth0 (E2500 WAN ip is 192.168.0.245, using 192.168.0.1 as gateway to router on local lan that is connected to modem)
I also use my own custom local dns server which is at 192.168.0.121
(ok, so here's the bit I wrote that isolates the two bridges from seeing each other which works fine)
(now here's the bit that I hoped would keep the guests out of the 192.168.0.0 subnet, except for the gateway and DNS ips, but it doesn't work)
I can still ping and access 192.168.0.0 devices from the guest network.
I thought maybe the ordering was the issue, so I tried this as well:
Still no dice...
Any ideas?
Thanks
Mike
Moderator's Comments:
Please use code tags for your code and data, thanks
---------- Post updated at 11:00 AM ---------- Previous update was at 09:35 AM ----------
Never mind! I figured it out. Also, the way it was written, communication was still happening between the bridges. Replaced all the code with this and now it's correctly blocking all traffic both between the bridges as well as the local downstream LAN.
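An added example, not the poster's script: one way to order FORWARD rules for the topology described in the post (br0, br1, gateway 192.168.0.1, DNS 192.168.0.121). The /24 mask, the restriction of DNS to port 53, the function names and the use of `-I` to place the rules above the firmware's own FORWARD rules are assumptions; router-local traffic (the INPUT chain) is not covered.

```shell
#!/bin/sh
# Added example (not the poster's rules). Addresses and interface names are
# taken from the post; the /24 mask is an assumption.
GUEST_IF=br1
MAIN_IF=br0
UPSTREAM_NET=192.168.0.0/24
GATEWAY=192.168.0.1
DNS=192.168.0.121

# Emit FORWARD rule specs in evaluation order (iptables stops at first match).
guest_rules() {
    # 1. Exceptions first: DNS on port 53 only, then the upstream gateway.
    #    Internet-bound packets carry the remote host as destination, so the
    #    gateway rule only matters for reaching the gateway itself.
    echo "-i $GUEST_IF -d $DNS -p udp --dport 53 -j ACCEPT"
    echo "-i $GUEST_IF -d $DNS -p tcp --dport 53 -j ACCEPT"
    echo "-i $GUEST_IF -d $GATEWAY -j ACCEPT"
    # 2. Everything else on the upstream LAN is dropped for guests.
    echo "-i $GUEST_IF -d $UPSTREAM_NET -j DROP"
    # 3. No traffic between the two bridges, in either direction.
    echo "-i $GUEST_IF -o $MAIN_IF -j DROP"
    echo "-i $MAIN_IF -o $GUEST_IF -j DROP"
}

# Turn the specs into commands. -I with an explicit position keeps the order
# above and places the rules ahead of any ACCEPT already in the chain.
guest_commands() {
    n=1
    guest_rules | while IFS= read -r spec; do
        echo "iptables -I FORWARD $n $spec"
        n=$((n + 1))
    done
}

# Dry run by default; set APPLY=1 on the router to execute the commands.
if [ "${APPLY:-0}" = "1" ]; then
    guest_commands | sh
else
    guest_commands
fi
```

After applying, `iptables -L FORWARD -v -n --line-numbers` shows the rule positions and per-rule packet counters, which tells you whether the guest DROP is actually being hit.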